Starting today, the lifespan of new TLS certificates will be limited to 398 days, a little over a year, from the previous maximum certificate lifetime of 27 months (825 days).
In a move that’s meant to boost security, Apple, Google, and Mozilla are set to reject publicly rooted digital certificates in their respective web browsers that expire more than 13 months (or 398 days) from their creation date.
The lifespan of SSL/TLS certificates has shrunk significantly over the last decade. In 2011, the Certification Authority Browser Forum (CA/Browser Forum), a consortium of certification authorities and vendors of browser software, imposed a limit of five years, bringing down the certificate validity period from 8-10 years.
Subsequently, in 2015, it was cut short to three years and two years again in 2018.
Although the proposal to reduce certificate lifetimes to one year was shot down in a ballot last September, the measure has been overwhelmingly supported by the browser makers such as Apple, Google, Microsoft, Mozilla, and Opera.
Then in February this year, Apple became the first company to announce that it intends to reject new TLS certificates issued on or after September 1 that…
http://feedproxy.google.com/~r/TheHackersNews/~3/riYw1n_IMvE/ssl-tls-certificate-validity-398.html
